HANDLER ACTION

            NO TRANSITION EXCEPTION
00 => 01    VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS
00 => 1x    VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS,
            SETS UP EXPECTED EMULATOR AND PROFILING STATE
01 => 00    VECT_xxx_TAP_CC EXCEPTION - HANDLER CONVERTS FROM x86 TO NATIVE CONVENTIONS
01 => 01    NO TRANSITION EXCEPTION
01 => 1x    VECT X86 ISA EXCEPTION [CONDITIONAL BASED ON PCW.X86_ISA_ENABLE FLAG]
            - SETS UP EXPECTED EMULATOR AND PROFILING STATE
1x => 00
NAME

VECT_call_X86_CC
    PUSH ARGS, RETURN ADDRESS, SET UP x86 STATE
    FAULT ON TARGET INSTRUCTION
VECT_jump_X86_CC
    SET UP x86 STATE
    FAULT ON TARGET INSTRUCTION
VECT_ret_no_fp_X86_CC
    RETURN VALUE TO EAX:EDX, SET UP x86 STATE
    FAULT ON TARGET INSTRUCTION
VECT_ret_fp_X86_CC
    RETURN VALUE TO x86 FP STACK, SET UP x86 STATE
    FAULT ON TARGET INSTRUCTION
VECT_call_TAP_CC
    x86 STACK ARGS, RETURN ADDRESS TO REGISTERS
    FAULT ON TARGET INSTRUCTION
VECT_jump_TAP_CC
    x86 STACK ARGS TO REGISTERS
    FAULT ON TARGET INSTRUCTION
VECT_ret_no_fp_TAP_CC
    RETURN VALUE TO RV0
    FAULT ON TARGET INSTRUCTION
VECT_ret_any_TAP_CC
    RETURN TYPE UNKNOWN, SETUP RV0 AND RVDP
    FAULT ON TARGET INSTRUCTION
SAVE TAPESTRY CONTEXT IN ALLOCATED SAVE SLOT
EIP<1:0> ← "10"

CASE "10" OR "11" RETURN: MOVE FUNCTION RETURN VALUE FROM X86 HOME TO TAPESTRY HOME

CASE RESUME FROM EXCEPTION: RESTORE TAPESTRY CONTEXT FROM SAVE SLOT
X86-RISC TRANSITION: MAP x86 CALL TO RISC, 322 (FIG. 3H)
RISC-X86 TRANSITION: MAP x86 RETURN TO RISC, 342 (FIG. 3I)
NO ISA TRANSITION: NO MAPPING REQUIRED

RISC-X86 TRANSITION: MAP RISC CALL TO x86, 340 (FIG. 3I)
X86-RISC TRANSITION: MAP RISC RETURN TO x86, 329, 332 (FIG. 3H)
NO ISA TRANSITION: NO MAPPING REQUIRED

X86-RISC TRANSITION: MAP RISC RETURN TO x86, 329, 332 (FIG. 3H)
RISC-X86 TRANSITION: MAP RISC CALL TO x86, 343-348 (FIG. 3I)
NO ISA TRANSITION: NO MAPPING REQUIRED

RISC-X86 TRANSITION: MAP x86 RETURN TO RISC, 342 (FIG. 3I)
X86-RISC TRANSITION: MAP x86 CALL TO RISC, 322 (FIG. 3H)
NO ISA TRANSITION: NO MAPPING REQUIRED
- LOAD REGISTER ARGS
FILL-IN RXA (RETURN TRANSFER ARGUMENT AREA)    319

NATIVE_ENTRY:
NATIVE PREAMBLE: (TYPICALLY VACUOUS)
- VARARGS
- AP FOR A VERY BIG ARGUMENT LIST              318

OMIT IF NATIVE ONLY

FUNCTION BODY:

SETUP XD:
    XD ← <DESCRIPTOR_CONSTANT>
RET
X86-to-Tapestry transition exception handler

// This handler is entered under the following conditions:
// 1. An x86 caller invokes a native function
// 2. An x86 function returns to a native caller
// 3. x86 software returns to or resumes an interrupted native function following
//    an external asynchronous interrupt, a processor exception, or a context switch

dispatch on the two least-significant bits of the destination address {    // 321
case "00":  // calling a native subprogram
    // copy linkage and stack frame information and call parameters from the memory
    // stack to the analogous Tapestry registers
    LR ← [SP++]        // set up linkage register
    AP ← SP            // address of first argument                            226
    SP ← SP - 8        // allocate return transfer argument area               327
    SP ← SP & (-32)    // round the stack pointer down to a 0 mod 32 boundary
    XD ← 0             // inform callee that caller uses X86 calling conventions  328

case "01":  // resuming an X86 thread suspended during execution of a native routine
    if the redundant copies of the save slot number in EAX and EDX do not match or if
       the redundant copies of the timestamp in EBX:ECX and ESI:EDI do not match {    // 371
        // some form of bug or thread corruption has been detected
        goto TAPESTRY_CRASH_SYSTEM( thread-corruption-error-code )    // 372
    }
    save the EBX:ECX timestamp in a 64-bit exception handler temporary register    // 373
    (this will not be overwritten during restoration of the full native context)
    use save slot number in EAX to locate actual save slot storage    // 374
    restore full entire native context (includes new values for all x86 registers)    // 375
    if save slot's timestamp does not match the saved timestamp {    // 376
        // save slot has been reallocated; save slot exhaustion has been detected
        goto TAPESTRY_CRASH_SYSTEM( save-slot-overwritten-error-code )    // 377
    }
    free the save slot

case "10":  // returning from X86 callee to native caller, result already in registers
    RV0<63:32> ← edx<31:00>    // in case result is 64 bits    333
    convert the FP top-of-stack value from 80 bit X86 form to 64-bit form in RVDP    // 334
    SP ← ESI    // restore SP from time of call

case "11":  // returning from X86 callee to native caller, load large result from memory
    RV0..RV3 ← load 32 bytes from [ESI-32]    // (guaranteed naturally aligned)    329
    SP ← ESI    // restore SP from time of call
}
EPC ← EPC & -4    // reset the two low-order bits to zero
Tapestry-to-X86 transition exception handler

// This handler is entered under the following conditions:
// 1. a native caller invokes an x86 function
// 2. a native function returns to an x86 caller
switch on XD<3:0> {

XD_RET_FP:    // result type is floating point
    F0/F1 ← FINFLATE.de( RVDP )        // X86 FP results are 80 bits
    SP ← from RXA save                 // discard RXA, pad, args
    FPCW ← image after FINIT & push    // FP stack has 1 entry
    goto EXIT

XD_RET_WRITEBACK:    // store result to @RVA, leave RVA in eax
    RVA ← from RXA save                // address of result area
    copy decode(XD<8:4>) bytes from RV0..RV3 to [RVA]    // 342
    eax ← RVA                          // X86 expects RVA in eax
    SP ← from RXA save                 // discard RXA, pad, args
    FPCW ← image after FINIT           // FP stack is empty
    goto EXIT

XD_RET_SCALAR:    // result in eax:edx
    edx<31:00> ← eax<63:32>            // in case result is 64 bits
    SP ← from RXA save                 // discard RXA, pad, args
    FPCW ← image after FINIT           // FP stack is empty
    goto EXIT

XD_CALL_HIDDEN_TEMP:    // allocate 32 byte aligned hidden temp    343
    esi ← SP                           // stack cut back on return
    SP ← SP - 32                       // allocate max size temp    344
    RVA ← SP                           // RVA consumed later by RR
    LR<1:0> ← "11"                     // flag address for return & reload
    goto CALL_COMMON                   // 345

default:    // remaining XD_CALL_xxx encodings
    esi ← SP                           // stack cut back on return
    LR<1:0> ← "10"                     // flag address for return    343

CALL_COMMON:    // 347 346
    interpret XD to push and/or reposition args
    [--SP] ← LR                        // push LR as return address

EXIT:    // 348
    setup emulator context and profiling ring buffer pointer
    RFE                                // to original target    349
}

FIG. 3I



interrupt/exception handler of Tapestry operating system:    // 350
// Control vectors here when a synchronous exception or asynchronous interrupt is to be
// exported to / manifested in an x86 machine.

// The interrupt is directed to something within the virtual X86, and thus there is a possibility
// that the X86 operating system will context switch. So we need to distinguish two cases:
// either the running process has only X86 state that is relevant to save, or
// there is extended state that must be saved and associated with the current machine context
// (e.g., extended state in a Tapestry library call in behalf of a process managed by X86 OS)
if execution was interrupted in the converter - EPC.ISA == X86 {
    // no dependence on extended/native state possible, hence no need to save any    351
    goto EM86_Deliver_Interrupt( interrupt-byte )
} else if EPC.Taxi_Active {
    // A Taxi translated version of some X86 code was running. Taxi will rollback to an
    // x86 instruction boundary. Then, if the rollback was induced by an asynchronous external
    // interrupt, Taxi will deliver the appropriate x86 interrupt. Else, the rollback was induced    353
    // by a synchronous event so Taxi will resume execution in the converter, retriggering the
    // exception but this time with EPC.ISA == X86
    goto TAXI_Rollback( asynchronous-flag, interrupt-byte )
} else if EPC.EM86 {
    // The emulator has been interrupted. The emulator is coded to allow for such
    // conditions and permits re-entry during long running routines (e.g. far call through a gate)    354
    // to deliver external interrupts
    goto EM86_Deliver_Interrupt( interrupt-byte )
} else {
    // This is the most difficult case - the machine was executing native Tapestry code on
    // behalf of an X86 thread. The X86 operating system may context switch. We must save
    // all native state and be able to locate it again when the x86 thread is resumed.
    allocate a free save slot; if unavailable free the save slot with oldest timestamp and try again    // 361
    save the entire native state (both the X86 and the extended state)
    save the X86 EIP in the save slot    // 363
    overwrite the two low-order bits of EPC with "01" (will become X86 interrupt EIP)    // 360
    store the 64-bit timestamp in the save slot, in the X86 EBX:ECX register pair (and,
        for further security, store a redundant copy in the X86 ESI:EDI register pair)
    store the number of the allocated save slot in the X86 EAX register (and, again for
        further security, store a redundant copy in the X86 EDX register)
    goto EM86_Deliver_Interrupt( interrupt-byte )    // 369
}
typedef struct {
    save_slot_t *    newer;               // pointer to next-most-recently-allocated save slot
    save_slot_t *    older;               // pointer to next-older save slot
    unsigned int64   epc;                 // saved exception PC/IP
    unsigned int64   pcw;                 // saved exception PCW (program control word)
    unsigned int64   registers[63];       // save the 63 writeable general registers
                                          // other words of Tapestry context
    timestamp_t      timestamp;           // timestamp to detect buffer overrun    379c
    int              save_slot_ID;        // ID number of the save slot
    boolean          save_slot_is_full;   // full / empty flag
} save_slot_t;

save_slot_t *    save_slot_head;    // pointer to the head of the queue    379a
save_slot_t *    save_slot_tail;    // pointer to the tail of the queue
system initialization

reserve several pages of unpaged memory for save slots
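The save-slot checks in the two handlers above (redundant register copies first, then the timestamp comparison that detects a reclaimed slot), modelled as an added C example that is not code from the original document. `N_SLOTS`, the `slot_t` and `x86_handle_t` layouts, the counter used as a timestamp, the bounds check and the full/empty test on resume are assumptions of this example; it also validates before restoring, whereas the handler restores first and compares against a saved copy of the timestamp.

```c
#include <stdint.h>

#define N_SLOTS 4   /* assumed pool size; the page only says "several pages" */
enum resume_status { RESUME_OK, ERR_THREAD_CORRUPTION, ERR_SLOT_OVERWRITTEN };

typedef struct {
    uint64_t timestamp;   /* stamped at allocation, compared on resume */
    int      is_full;     /* full / empty flag */
    uint64_t epc;         /* stands in for the full saved native context */
} slot_t;

/* What the suspended x86 thread carries: slot ID in EAX and EDX,
   timestamp in EBX:ECX and ESI:EDI (each stored twice). */
typedef struct { uint32_t eax, edx; uint64_t ebx_ecx, esi_edi; } x86_handle_t;

static slot_t   slots[N_SLOTS];
static uint64_t clock_now;   /* assumed monotonic stand-in for the timestamp */

/* Allocate a free slot, or reclaim the one with the oldest timestamp. */
x86_handle_t save_context(uint64_t epc) {
    int pick = 0;
    for (int i = 0; i < N_SLOTS; i++) {
        if (!slots[i].is_full) { pick = i; break; }
        if (slots[i].timestamp < slots[pick].timestamp) pick = i;
    }
    slots[pick] = (slot_t){ .timestamp = ++clock_now, .is_full = 1, .epc = epc };
    return (x86_handle_t){ (uint32_t)pick, (uint32_t)pick, clock_now, clock_now };
}

/* Resume path: validate the handle before trusting anything in the slot. */
enum resume_status resume_context(const x86_handle_t *h, uint64_t *epc_out) {
    if (h->eax != h->edx || h->ebx_ecx != h->esi_edi)
        return ERR_THREAD_CORRUPTION;      /* redundant copies disagree */
    if (h->eax >= N_SLOTS)
        return ERR_THREAD_CORRUPTION;      /* added here: slot ID out of range */
    slot_t *s = &slots[h->eax];
    if (!s->is_full || s->timestamp != h->ebx_ecx)
        return ERR_SLOT_OVERWRITTEN;       /* slot reclaimed or already freed */
    *epc_out = s->epc;
    s->is_full = 0;                        /* free the save slot */
    return RESUME_OK;
}

int main(void) {
    x86_handle_t h = save_context(0x1000); uint64_t epc = 0;
    h.edx ^= 1;                            /* constructed: flip one redundant copy */
    return resume_context(&h, &epc) == ERR_THREAD_CORRUPTION ? 0 : 1;
}
```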
PREPARE X86 EXCEP. OR INT.    360
    ALLOC FREE OR OLDEST SAVE SLOT
    STORE TIMESTAMP & FULL STATE
    x86 REGS ← SAVE SLOT ID, TIMESTAMP
    EPC<1:0> ← 01

HANDLER: RISC TO x86
    XD CONTAINS RETURN-DESCRIPTOR:
        INTERPRET XD:    342
        - REFORMAT / REPOSITION RESULT
        - LOAD FPCW
        SP ← [SP]    // POP RA AND ARGS
    XD CONTAINS CALL-DESCRIPTOR:
        ESI ← SP
        INTERPRET XD, REPOSITION ARGS
        LR<1:0> ← 1x PER XD
        PUSH LR AS RA (RET ADDR)

HANDLER: x86 TO RISC    320
    EPC<1:0> == 00:
        LR ← [SP]
        SP ← SP + 4
        AP ← SP
        SP ← SP - 8    // RET AREA
        SP ← SP & (-32)
        XD ← 0
    EPC<1:0> == 01:    370
        x86 REGS POINTS TO SAVE SLOT
        USING TS VERIFY NO OVERWRITE
        RESTORE FULL STATE
        FREE SAVE SLOT
        EPC<1:0> ← 00
    EPC<1:0> == 1x:    329 332
        REFORMAT / REPOSITION THE FUNCTION RESULT PER EPC<0>
        SP ← ESI
        EPC<1:0> ← 00
XD ← RET-DESC    385

HANDLER: RISC TO x86    340
    XD CONTAINS RETURN-DESCRIPTOR:
        INTERPRET XD:
        - REFORMAT / REPOSITION RESULT
        - LOAD FPSW
        SP ← [SP]    // POP RA & ARGS

HANDLER: x86 TO RISC
    EPC<1:0> == 00:
        LR ← [SP]
        SP ← SP + 4
        AP ← SP
        SP ← SP - 8
        SP ← SP & (-32)
        XD ← 0
    EPC<1:0> == 01:
    EPC<1:0> == 1x:

INITIATE x86 EXCEP. OR INT.
    ALLOC FREE OR OLDEST SAVE SLOT
    STORE TIMESTAMP & FULL STATE
    x86 REGS ← SAVE SLOT ID, TIMESTAMP
    EPC<1:0> ← 01

HANDLER: x86 TO RISC
    EPC<1:0> == 00:
    EPC<1:0> == 01:
        x86 REGS POINTS TO SAVE SLOT
        USING TS VERIFY NO OVERWRITE
        RESTORE FULL STATE
        FREE SAVE SLOT
        EPC<1:0> ← 00

HANDLER: RISC TO x86    340
    XD CONTAINS RETURN-DESCRIPTOR:
    XD CONTAINS CALL-DESCRIPTOR:
        ESI ← SP
        INTERPRET XD, REPOSITION ARGS
        LR<1:0> ← 1x PER XD
        PUSH LR AS RA (RET ADDR)

HANDLER: x86 TO RISC
    EPC<1:0> == 00:
    EPC<1:0> == 01:
    EPC<1:0> == 1x:
        REFORMAT / REPOSITION THE FUNCTION RESULT PER EPC<0>
        SP ← ESI
        EPC<1:0> ← 00
         REP MOVS/STOS/LODS (OPCODE: A4, A5, AA, AB, AC, AD)        NO   YES  NO   NO
1.1010   INDIRECT NEAR JMP (OPCODE: FF/4)                           NO   YES  YES  NO
1.1011   INDIRECT NEAR CALL (OPCODE: FF/2)                          NO   YES  YES  YES  NEAR CALL
1.1100   LOAD FROM I/O MEMORY (TLB ASI != 0) {NOT USED IN T1}       NO   YES  NO   NO
1.1101   AVAILABLE FOR EXPANSION                                    NO   NO   NO   NO
1.1110   DEFAULT CONVERTER EVENT; SEQUENTIAL 406                    NO   NO   NO   NO
1.1111   NEW PAGE (INSTRUCTION ENDS ON LAST BYTE OF A PAGE FRAME
         OR STRADDLES ACROSS A PAGE FRAME BOUNDARY) 408             NO   YES  NO   NO

FIG. 4B
TAXi profile entry generation

CONVERTER EVENT CODE
BRANCH PREDICTED TAKEN 563
EVENT CODE LATCH (EVENT FROM CONVERTER)
LAST CONVERTER RECIPE INSTRUCTION COMPLETES, FROM W STAGE
TO W STAGE TO UPDATE EVENT CODE LATCH

FIG. 5B

FLOATING-POINT TOP OF STACK
FLOATING-POINT TAGS
FLOATING-POINT CONTROL WORD
ADDRESS OF TAXi TRANSLATED NATIVE CODE 644

FIG. 6A



EVENT CODE 592 FROM RFE RESTARTING CONVERTER OR MAPPING OF CONVERTER'S x86 OPCODE
RFE OR PREVIOUS CONVERTER CYCLE
EVENT CODE LATCH 486, 487; USE LATCHED
CLEAR Taxi_State.pact; PROBE FAILED RFE; PROBE TIMER RELOAD
NEXT (VIS TARGET) PAGE PROPERTIES 624 FROM I-TLB
TABLE 3 EVENT CODE PLA 650, OUTPUTS: JNZ, COND JUMP, NEAR JUMP, NEAR CALL, FAR CALL, EMULATOR PROBE
NEXT INSTRUCTION CYCLE; INITIATE PACKET; PROFILEABLE EVENT; PROBEABLE EVENT
Taxi_Control.probe; I-TLB PROTECTED PAGE PROPERTY; TAXi ENABLED FOR CURRENT x86 CONTEXT; Taxi_State.pact
PROBE; DECODED_PROBE_EVENT; PROBE_MASK 620
PROBE FAILED RFE: CLEAR CORRESPONDING DECODED_PROBE_EVENT BIT
PROBE TIMER RELOAD
TIMER EXPIRED: SET ALL PROBE MASK BITS
PROBE TIMER 630

FIG. 6B



AS EACH EVENT OCCURS DURING EXECUTION OF AN X86 PROGRAM IN CONVERTER 136 OR
EMULATOR 316, MATERIALIZE AN EVENT CODE IN EVENT CODE LATCH 486, 487

PLA 650 PROCESSES THE EVENT CODE TO PRODUCE AT MOST ONE OF FIVE CLASSIFICATIONS
OF THE EVENT, "JNZ" 660, "CONDITIONAL JUMP" 661, "NEAR JUMP" 662, "NEAR CALL"
663, "FAR CALL" 664, OR "EMULATOR PROBE" 665    (650)

THE BIT 660-665 IS ANDED WITH THE PROBE PAGE PROPERTIES 624 FROM TLB 116
AND TAXI_STATE.PROBE_MASK 620    (670)

OR TOGETHER THE PRODUCTS OF THE ANDS. THE SUM OF THE OR REPRESENTS THE
PREDICATE "THE EVENT CODE 592 IS AN EVENT ON A PAGE WHOSE PROBEABLE EVENT BIT IS
CURRENTLY ENABLED IN TAXI_STATE.PROBE_MASK 620 AND THE TLB COPY OF THE
PFAT PAGE PROPERTIES."    (672)

AND THE SUM OF THE OR TOGETHER WITH SEVERAL MACHINE CONTEXT PREDICATES TO SEE
IF THIS IS A PROBEABLE EVENT    (674)    [BRANCHES: 0 / 1]

CONSULT THE BIT VECTOR TO VERIFY THAT THE PROBEABLE EVENT IS IN AN ADDRESS RANGE
WITH A CORRESPONDING TRANSLATED CODE SEGMENT    (690)    [BRANCHES: 0 / 1]

EXECUTE A TAXi INSTRUCTION TO MATERIALIZE A CONTEXT_AT_POINT ENTRY DESCRIBING
THE CURRENT MACHINE STATE, TO SUPPLY ARGUMENTS TO THE PROBE EXCEPTION HANDLER    (682)

RESUME EXECUTION IN X86 CONVERTER

DELIVER A PROBE EXCEPTION TO TRANSFER CONTROL TO THE SOFTWARE EXCEPTION HANDLER

PROBE PIPM 602 FOR AN ENTRY 640 CORRESPONDING TO THE ADDRESS OF THE TARGET OF
THE EVENT

WAS A PIPM ENTRY FOUND?    [BRANCHES: N / Y]

EVALUATE/VERIFY THE PRECONDITIONS FROM INTEGER PORTION 686 OF PIPM 602 ENTRY 640
[BRANCHES: MISMATCH / MATCH]

EVALUATE/VERIFY THE PRECONDITIONS FROM FLOATING-POINT PORTION 688 OF PIPM 602
ENTRY 640, AND IF MISMATCHING, UNLOAD FLOATING-POINT CONTEXT AND RELOAD IT TO
CONFORM TO PIPM

TRANSFER CONTROL TO THE TAXi TRANSLATED NATIVE CODE

CLEAR PROBE MASK BIT

FAIL: RESUME EXECUTION OF X86 BINARY IN CONVERTER 136

FIG. 6C



